http://www.perlmonks.org?node_id=67778


in reply to CGI Password

I'm definitely no security expert myself, but a suggestion in addition to using crypt might be:

Use SSL to encrypt the password transfer from browser to webserver. Although not essential for a home/family setup, I can't imagine most business-related sites not offering that option. HTTP sends everything in plain text, so anyone with a sniffer can simply lift your password off the wire, as it were.

This is one of the places to start if you want to see a real implementation; a bit dated, but it still holds true for lots of sites, I think. Also read "A guide to web authentication alternatives", given in the references section.
HTH
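The two points in the reply above (store passwords with crypt, and only accept them over SSL) put together in one CGI-style Perl snippet. This is an added example, not code from the original post or from the linked guide. It assumes a Unix-like system whose libc crypt() understands the "$6$" (SHA-512) salt prefix and exposes /dev/urandom, and it assumes the web server sets the HTTPS environment variable to "on" for SSL requests, as Apache mod_ssl does; the subroutine names are my own.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build a crypt() salt from kernel randomness rather than rand(), which
# is not suitable for security use. The "$6$" prefix selects SHA-512
# crypt on glibc; this is an assumption about the host libc. Classic
# two-character DES salts work everywhere but cap the password at 8
# characters and are weak by today's standards.
sub make_salt {
    my @chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '/');
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom: $!";
    close $fh;
    # 256 is a multiple of 64, so taking each byte mod 64 is unbiased.
    my $salt = join '', map { $chars[$_ % @chars] } unpack 'C*', $bytes;
    return '$6$' . $salt . '$';
}

# Hash a new password for storage; never store the plaintext.
sub hash_password {
    my ($plain) = @_;
    my $hashed = crypt($plain, make_salt());
    die "crypt() does not support the requested salt format"
        unless defined $hashed && $hashed =~ /^\$6\$/;
    return $hashed;
}

# Verify a login attempt. crypt() reads only the salt portion of the
# stored hash, so re-hashing the candidate with the stored value as the
# salt reproduces the hash if the password is right. The comparison is
# done byte-by-byte without early exit so timing does not reveal how
# many leading bytes matched.
sub check_password {
    my ($plain, $stored) = @_;
    my $candidate = crypt($plain, $stored);
    return 0 unless defined $candidate && length($candidate) == length($stored);
    my $diff = 0;
    $diff |= ord(substr($candidate, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

# Refuse to process a password form submitted over plain HTTP. Apache
# mod_ssl sets HTTPS=on for SSL requests (assumed here); anything else
# is treated as cleartext and rejected before the password is even read.
sub over_ssl {
    my $https = $ENV{HTTPS} // '';
    return $https =~ /^on$/i ? 1 : 0;
}

unless (caller) {
    # Constructed demo input; in a real CGI the plaintext would come from
    # the form and $stored from your user file or database.
    my $stored = hash_password('correct horse battery staple');
    print "stored: $stored\n";
    printf "right password: %d\n", check_password('correct horse battery staple', $stored);
    printf "wrong password: %d\n", check_password('Tr0ub4dor&3', $stored);
    if (!over_ssl()) {
        print "Status: 403 Forbidden\nContent-Type: text/plain\n\n",
              "Password login is only accepted over HTTPS.\n";
    }
}
```

Note that crypt() with a "$6$" salt is a property of the C library, not of Perl: on a libc that only knows DES crypt, crypt() silently returns a short DES hash (or undef), which is why hash_password() checks the prefix of what it gets back. The over_ssl() check belongs at the very top of the CGI, before the form fields are parsed, so a password sent in the clear is dropped rather than processed and then refused.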